Google weighs end-to-end encryption for Gmail, but how far will it go?

PGP a remedy against NSA-style mischief?

Shares

Gmail with a side of PGP?

Almost a year after Edward Snowden revealed to the world just how far the US government was willing to go with its surveillance initiatives, companies like Google continue to explore methods to shore up the security of user data.

VentureBeat has the scoop that Google is researching new ways to keep Gmail missives from prying eyes, and the answer could lie with an open-source standard more than two decades old.

According to an unnamed Google source, the search giant is seeking ways to make its decade-old Gmail service work seamlessly with existing Pretty Good Privacy (PGP) encryption utilities currently used on text messages, emails, files or even entire disk partitions.

With more than 425 million global users, Gmail is technically already PGP compatible, but could benefit from end-to-end encryption the Google source called "the best defense for message protection" despite a "considerable cost in functionality."

Who holds the keys?

In the consumer world, such end-to-end encryption tools are most notably used with Firefox Sync, which the Electronic Frontier Foundation explains offers a decryption key-based approach which ultimately places more responsibility on end users.

Likewise, third-party services such as GPG Tools and Mailvelope have gone a long way toward making PGP encryption more approachable, but have yet to crack into what the report calls a "mainstream audience."

Considerable security benefits aside, Google will likely stop short of service-wide adoption, given that Gmail messages must first be scanned in order to create targeted advertising, the company's bread and butter.

VentureBeat didn't offer any clues as to how Google might integrate PGP into Gmail, suggesting that any such solution could ultimately end up buried deep within a Settings menu where users could wind up simply ignoring it.